Email security: Don't become a victim of malware

[Business Affairs Office News]

SUBJECT: Email security: Don't become a victim of malware

Sent on behalf of Will Laney, Chief Information Security Officer

In mid-March, you may have received an email message claiming to contain an invoice from a company such as IMAGINiT, Rand, or Tip Top Delivery. The "invoice" attached to that message actually contained malware -- malicious software.

Unfortunately, if you handle financial information for your job, you're one of the main targets of email campaigns like this.

What is Malware?

When someone opens an attachment that contains malware, it installs unwanted software on their computer. The type of malware we saw in March was an "information stealer": it looks for sensitive personal information or university data on your computer and sends it back to the attacker.

There are other types of malware, too. Here's more information from the University of Massachusetts: https://blogs.umass.edu/Techbytes/2013/10/29/malware/.

Malware is different from the related phenomenon of phishing. Phishing emails contain links to official-looking webpages that are intended to trick you into entering usernames, passwords, financial data, or other sensitive information.

The Target is You

Malicious email campaigns like this often follow two key patterns:

  *   They target staff members like you -- people who work with invoices or perform financial transactions as part of their jobs. There are two reasons for this:
     *   Because you're more likely to think the email has a legitimate business purpose, you're more likely to click a link or open an attachment
     *   You may have sensitive data on your computer that an attacker could benefit from stealing
  *   They target universities around scheduled break times in the winter, spring, and summer. The March malware campaign fit this pattern. When staff members and students are away from work, they may be more likely to fall for the attacker's traps.

Prevention and Recovery

What can you do the next time a suspicious email message appears in your inbox?

Forward the message to phishing at uoregon.edu<mailto:phishing at uoregon.edu> or to your local IT support staff. Never click suspicious links or open attachments that you aren't expecting.

If you have already clicked a link or opened an attachment like this, it's important to act quickly to limit the damage. Email security at ithelp.uoregon.edu<mailto:security at ithelp.uoregon.edu> immediately and contact your local IT support staff for further assistance.

The first step your IT support staff will take will be to unplug your computer from the network -- that is, remove the network cable while leaving the computer on. If you feel comfortable doing that yourself, please do so to limit the amount of time the attacker has access to your computer. On laptops, make sure you also have Wi-Fi turned off.

Staff in Information Services actively take steps to reduce the number of risky messages delivered to people at UO. But malicious campaigns like these are moving targets. That's why you -- the students, faculty, and staff at UO -- should always should always be on the alert for any email with malicious intent.

If you have any questions, please contact me or your local IT support staff.

Take care and stay safe,
Will

Will Laney, CISSP, CISA
Chief Information Security Officer
The University of Oregon
Phone: (541) 346-9700
Email: wlaney at uoregon.edu<mailto:wlaney at uoregon.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists-prod.uoregon.edu/pipermail/bao-news/attachments/20160616/0172a38e/attachment.html>